Can the firewall perform content scan for WINSCP, SFTP or SCP applications on SSH tunnel

Can the firewall perform content scan for WINSCP, SFTP or SCP applications on SSH tunnel

13993
Created On 10/31/19 22:39 PM - Last Modified 04/28/20 22:21 PM


Question


Can the firewall perform content scan for WINSCP, SFTP or SCP applications on SSH tunnel

Environment


  • PAN-OS 7.1 and above.
  • Palo Alto Firewall.

Answer


The firewall cannot scan for WINSCP,  SFTP and SCP applications for content inside an ssh tunnel.
 

Additional Information


The firewall can then be configured to block the SSH tunneling traffic with a security policy. This will deny the applications that are tunneled inside SSH.
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNIuCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail